SBS - The best value in QMS software

Do we need a Risk Register for ISO 9001:2015

Z

zoolieu

#1
It appears that a "risk register" is not required for ISO 9001:2015.
We always post issues, situations, risks, concerns and potential problems on a large dry erase board so that the issues do not get forgotten.
Would it also be necessary to draft a register to house these risks and resolutions in?
We have our audit in 3 weeks.
On a side note - we are a distributor (not MFG) and very small company of 5
 
Elsmar Forum Sponsor
B

BoardGuy

#2
Although 6.1 specifies that the organization shall plan action to address risk there is:

a) No requirement for formal methods for risk management
b) No requirement to document risk management process
c) No requirement to retain documented information as evidence of determination of risks.

This part of the Standard has developed in to a cottage industry of risk based thinking gurus that could lead you in to performing FMEAs for all process. We developed a simple spreadsheet that addresses both Section 4 and 6.1 requirements. Our spreadsheet looks at:

a) Interested parties and their reason for interest
b) Internal issues of concern
c) External issues of concern
e) Organizational risks and how they are addressed

In the end you should not just create something to address 6.1. You should develop needed information that is helpful to top management and the organization.
 
Z

zoolieu

#3
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
 

Kronos147

Trusted Information Resource
#4
At our shop, we found something we already capture, NCR's, in our NCR log, and added an NCR classification, Risk.

We look to see what methods we already have and expand upon them as opposed to develop new processes.

We also have a quote review checklist. We added a section to document Risks.

We have a process to qualify vendors and issue PO's. We integrated risk management.
 
B

BoardGuy

#5
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
 
Z

zoolieu

#6
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
 
J

Jim Green

#7
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
I am not an expert, but I would keep it in an electronic folder. Then present hard copy during Mgr Review. That way it's covered.

In my experience, the more you have presented in Mgr Review, the more efficient and easy your external/3rd party audits tend to be.

I am going to start off very simple at first. Trying to capture major processes, and see how it goes.
 
Z

zoolieu

#8
So - I have a bit to add that I hope will deem helpful.
You do NOT have to have a "register" per se, but you do need to have a MR, so that all has to be integrated. We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
 

Mark Meer

Trusted Information Resource
#9
We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
I would strongly suggest moving this activity to a shared document/spreadsheet, instead of a dry-erase board. ISO requirements aside, I think it's important to have some lasting record of activities you do... it makes it easier to look back later and make decisions based on past activities.

Google Docs is a good possibility as it is free, any number of people can collaborate simultaneously, and revision histories are maintained.

If people are at their computers daily, you could set it to people's home-page, thus (more-or-less) ensuring that everyone sees it daily...
 

dsanabria

Quite Involved in Discussions
#10
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
You could do a "PM" Private Message and not make your documentation to the whole world - thus not violating proprietary laws because no one will know or find out. :cool:
 
Thread starter Similar threads Forum Replies Date
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
V How to Publish/Convince Stake Holders about need/utility of Risk Management Systems FMEA and Control Plans 6
S Do HF Accessories need to perform a Risk Management Process of 60601-1:2005? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
D PA, CA and Risk-Based Decision Making - Need Input Preventive Action and Continuous Improvement 7
W Need risk acceptance policy/criteria ISO 14971 - Medical Device Risk Management 3
A ISO14971:2001 - Risk Management for Medical Devices - Help need copy ISO 14971 - Medical Device Risk Management 10
R Reduce the need for authorisation of low risk changes Document Control Systems, Procedures, Forms and Templates 3
P UDI-PI requirements on reusable surgical device, do we need serialisation? ISO 13485:2016 - Medical Device Quality Management Systems 0
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 6
W 17025 and NIST handbook relationship (need advice) ISO 17025 related Discussions 2
lanley liao Does all of the suppliers need to integrated into the supplier list qualified of the company? Oil and Gas Industry Standards and Regulations 2
K Need procedure for D&D inputs? ISO 13485:2016 - Medical Device Quality Management Systems 4
S Need help on "Country of Origin" Medical Device and FDA Regulations and Standards News 0
Ed Panek Immediate need for 80601-2-56 Consulting expert. PM me for details Career and Occupation Discussions 0
Tagin You're Gonna Need a Bigger Root Cause Coffee Break and Water Cooler Discussions 12
M PSA Suppliers - CSR matrix and need the quality manual of PSA APQP and PPAP 2
K "World Class Product" based QM. I need advice. Quality Management System (QMS) Manuals 14
I Do I need to sign off my annual audit calendar? Internal Auditing 2
P Do we need to retrospectively use the "MD" symbol (indicating device is a medical device) on labels, e.g. finished devices within expiration date? EU Medical Device Regulations 2
M Do I need separation in my circuit with a medical charger? IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
V Certified Auditor - Need of additional certification specific to industry ( GMPs) ASQ vs ECA vs others Professional Certifications and Degrees 1
A Medical Device Contract Manufacturer - Does the CM need to register with FDA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
J Records Control - Does each individual record need to be numbered? Records and Data - Quality, Legal and Other Evidence 2
N Is there a need for clinical test of Class IIa products (for MDR)? EU Medical Device Regulations 2
J Do Software Subcontractors need to be ISO13485 compliant in the EU? EU Medical Device Regulations 3
K Do I need a "State of the art" plan? CE Marking (Conformité Européene) / CB Scheme 1
S Need advice for schooling Quality Manager and Management Related Issues 5
R What information do i need to get from the device manufacturer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
S Need guidance on project ISO 13485:2016 - Medical Device Quality Management Systems 2
H Need MSA 4th ed. compliant attribute MSA template General Measurement Device and Calibration Topics 4
J Need Change Control Yes/No Decision Tree Template ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
C Does an accessory need an IFU if it use is discussed in the Parent device IFU? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
B Countries with no need for FSC (Free sales certificate) Other Medical Device Regulations World-Wide 0
A Brexit When does the UK responsible person need to be in place? UK Medical Device Regulations 10
R Do we need issue ECN (Engineering Change Notice) towards updated Material Specification? Design and Development of Products and Processes 2
N IPC-A-630 - Is this free or do i really need to pay for it? Manufacturing and Related Processes 4
C ISO/ IEC 17021 Resource requirement (need help) Document Control Systems, Procedures, Forms and Templates 5
P Need a programmer for QVI's VMS software for optical inspection machine Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
silentmonkey How to decide what characteristics need to be verified during incoming inspection? ISO 13485:2016 - Medical Device Quality Management Systems 5
D Change Approval Requirements - Does every change need formal customer approval? Design and Development of Products and Processes 17
T Do I need a qualified compiler for class B software? IEC 62304 - Medical Device Software Life Cycle Processes 3
E 13485:2016, Sections 4.1.6, 7.5.6 and 7.6 - Validation of Software - Need some Advice please ISO 13485:2016 - Medical Device Quality Management Systems 3
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
L Proof of Concept Studies - Do we need to comply with SAE reporting? Medical Device and FDA Regulations and Standards News 3
gunnyshore Adding a new facility - do I need to submit an amendment to the MDL or MDEL, or both? Canada Medical Device Regulations 3
N FDA UDI - Label vs. Labeling - Does the insert need to include UDI? Other US Medical Device Regulations 1
SocalSurfer AS9100 new certificate, but need QMS software, help Quality Assurance and Compliance Software Tools and Solutions 2

Similar threads

Top Bottom